Recently laws have been passed to force operating systems to provide age verification for users. This is largely (but not entirely) being done in the United States at the state level. States where this is either proposed or already passed include my home state of California along with Colorado, Utah, and Louisiana (among others). It appears this is gaining traction outside of the US as well after Brazil passed sweeping laws to that effect.

As a resident and citizen of Australia I am also in the thick of it. Australia has passed vaguely coherent “social media bans” and recently effected laws banning access to R-rated content of all types. I must stress that this “ban” is of a completely different nature than the aforementioned operating system age verification legislation. Even the social media ban and similar legislation raise obvious privacy concerns as identified in the linked ABC article, but the recent wave of operating system level incursion is a whole new beast.

The OS Wants Your Info! #

Before I detail the specific privacy concerns with the current tidal wave of legislation I will take a brief aside to describe how infuriating it already is to set up Windows, the world’s most widely used operating system (not counting servers), can be. Recently I had the joy of freshly installing Windows after my Windows drive failed. As part of this process, you are prompted an extraordinary number of times to sign in to a Microsoft account. I was luckily able to avoid doing this, if I were forced to log in on some account I would have been without an operating system - my WiFi drivers were not installed and I had no Ethernet connection, and had to jump through some hoops to connect my phone via USB as the only way to download said drivers.

Windows has pushed connecting Microsoft accounts harder and harder over the years. If you want to set up Windows 11 without connecting an account directly, helpful guides exist. These guides having to exist in the first place is extremely odd. Microsoft has pushed harder and harder over the years to get you to make an account connected to their services before you can even view a webpage with your device. Apparently they consider it worth the added installation friction for the user to have to set this up, as you will have a perfectly functional device without having one of these Microsoft accounts at all.

Early Internet Etiquette #

My first memories of the internet as something I “used” at all were in the mid 2000s. At the time I was using Windows Vista on my mom’s laptop to play games and search things for school assignments at times. There are vague recollections of early YouTube, where my friends showed me how to watch bootleg Naruto episodes split in 3 parts, and trying out online games like RuneScape. Across the board these are very fond memories filled with nostalgia and I look back on what were my first online experiences as very positive.

There was always one usually unspoken rule with the internet in those days - don’t give out any info on your real life. As in absolutely none whatsoever, make sure that you never chat with anyone about your personal life. This is still fantastic advice to give any kid using the internet. There are strange and dangerous people out there who might want information about you, so don’t give out any. Certainly not to strangers, and “stranger danger” was very much a thing in the early internet.

The Megacorporation Exception #

An apparent exception to the obvious “don’t give out info to strangers” rule of using the internet are the megacorps. People blur the lines between “person” and “corporation” when referring to some companies that are so humongous as to be ubiquitously known and involved in aspects of life.

Microsoft #

I have already discussed Microsoft and the Windows operating system at length. Of my many issues with their OS, the main one is this increased focus and insistence on having you connected to their online platform in some way while on the computer. This pushes people towards their many subscription services and storing all their personal data on “the cloud” (Microsoft’s computers).

My newest problem with all cloud storage is privacy concerns regarding AI training, something I will likely discuss at length elsewhere. Microsoft really has their hands everywhere, perhaps this is why many people have less of an issue giving them their personal data.

Google #

Yet another company with their fingers in every pie is the notorious “tech company” (aka search monopoly) Google. They have reached verb status, to me indicating that use of the product is so ubiquitous that it is almost unthinkable to use alternatives. Needless to say there are also plenty of ways that Google gets at your personal data.

I use Gmail, as almost everyone does. This is already a way that Google has potential access to my personal data including but not limited to:

• All job offers I have received
• Formal communication with any digital help service I have used
• All digital receipts I need sent somewhere
• Plenty of communication that contains highly sensitive personally identifiable information (PII)

Naturally I use Google Maps as well. It is an extraordinarily useful service that just so happens to contain almost every single trip and information on it that I have taken within the last half decade at least. Of course this means that on someone else’s computer (aka “the cloud”) there is a particular file or set of files containing my location going back many years. I am sure there are plenty of other things Google knows about me that I would be quite concerned about, but that is certainly one.

Facebook (Meta) #

Even before their rebranding and acquisition of Instagram, Facebook (now Meta) was the preeminent social media network that people chose to willingly (over)share their life stories on. Plenty of negative press already exists regarding Facebook as a result of this. Social media has been incredibly helpful to me in regards to keeping in contact with old friends from the US, that being said I am more than willing to go on about the many negative impacts of social media.

The most concerning to me is the concept of the rumored “shadow profiles”. This makes Facebook by far the most concerning to me - they will collect all information they can, even on people who have never made a single post on their platforms. As much as I can admire the engineering efforts that go towards this, it takes only a second of thinking what they would do with this information to wipe that admiration away and replace it with a level of concern and fear.

Age Verification and its Motivations #

A cynical take on many new proposed laws which proclaim to be to “protect children” or be about “online safety” is that they are a way for liability to change hands. It seems in the case of “Age Verification” style laws this cynicism is warranted. One reddit user made a very in-depth post describing how Meta is behind much (if not all) of this recent push in favor of device or operating system level age verification. While they are not as clearly behind the previously discussed content bans and age verification pushes outside the United States, Meta’s support of these bills and similar propositions is described at length in the post.

Cynicism is merited here. As a company, shifting liability from themselves to the physical devices and software running on them to ensure the user is of a proper age (e.g. 13 to use Facebook or Instagram) is financially valuable. There are massive fines levied for targeted advertising at children for good reason. Once an individual reaches the age of majority laws regarding how targeted ads can be at them and how aggressively you can collect their personal information become far more lax. Meta has really pushed the line as far as possible when it comes to kids and has recently copped massive fines in the hundreds of millions related to child safety.

The obvious motivation here is financial and legal. So long as the megacorporations are not liable when a user is on their platform and lies about their age (as many have done…) this is good for them. They are no longer liable for collecting massive amounts of information for their targeted ad campaigns, and can make all the money they can. Legal responsibility for confirming a user’s age and reporting it now lies with someone else.

A Rational Response #

I use PopOS and have for years. I think their operating system (based on Ubuntu, with a few tweaks) is quite good. Personally I have not used their hardware, but think it looks nice. My main reason for using the OS has been the focus on security by default, which is really the only type that exists.

It turns out their CEO has also had perhaps the most reasonable take on these age verification laws yet. In a blog post on their website all the reasons for PopOS implementing age verification really against their will are laid out very well:

• Children will find ways around this
• Everyone knows this will happen because we all tried to push limits as kids
• This doesn’t fix the core problems, and really makes things worse for everyone
• Just be a good parent to your kids to solve this?

I had a good childhood because I was allowed to push boundaries in many ways and go outside the expected bounds of where a kid would normally go. Much of my time playing with technology was well before the age of 18, or even my teens. Implementing an arbitrary hoop to jump through to use the internet “normally” will simply lead to people finding ways around the hoop. This has already happened in the UK, where people who know enough about technology to use a VPN in order to avoid various internet censorship (“Online Safety” by other words) has led to the current PM considering banning VPNs from being used by children.

Just as the CEO of PopOS has said, blanket banning and increased invasive measures are no substitute for being a good parent to your kids. I was lucky enough to have a good childhood without having to (as the UK is proposing) scan my face every time I searched something, or entering my age and other personally identifying information to the computer to avoid seeing a censored internet. As was said in the System76 blog post, I am hopeful that these laws will come to be viewed as a poor substitution for properly educating children, and really yet another attempt by megacorporations to shield themselves from legal liability.